Project Insomnia

My offer of a Gmail invite in exchange for an Orkut invite has been answered.
I do have two remaining Gmail invites at this time--let me know if you want one.

Antonio Cavedoni has come up with an automatic translator from Blogger/LiveJournal-favored Atom (0.3) to the more universally-recognized RSS (1.0). The practical upshot of this is that Blogger/LiveJournal Atom feeds may now be subscribed to in standard RSS readers (a nifty one is included in Opera 7.51) -- including this very site.

So not only can Microsoft (apparently) not build a secure, safe Web browser, they don't even bother doing regression testing. Slick, guys. This is a particularly nasty one:

According to the latest bulletin, the vulnerability affects people who have multiple IE browsers open. Through one of the open browsers, hackers can change the content of another Web site without users ever knowing that it has been altered.

Using this attack method, hackers could insert links into legitimate Web pages and direct people to malicious sites where they could solicit personal information such as bank account or credit card information. Because the link comes from a legitimate and trusted site, victims may not realize they have been redirected to a harmful site. Hackers could also insert links that would trick users into downloading malicious software.

So, for example, you have one IE window open to a site which is (knowingly or not) carrying the malicious code to exploit this vulnerability, and another window on Windows Update. The vulnerability makes it possible for the evil site to write new content onto the Windows Update window. Such as rewriting download links to point to infected or trojaned files.

Any other product by any other company displaying the shockingly dangerous behavior of IE would be banned from sale, and the manufacturer subject to criminal prosecution.
If you still use IE, please consider Opera (free ad-supported, $29 ad-free) or Mozilla (free). Both are extremely standards-compliant--moreso than IE--and will work with the majority of Web sites you visit. Not to mention being wholly non-susceptible to these vulnerabilities.

Office Space Wars
(30 MB WMV)

CNN.com is carrying an AP story reporting that the US Army is preparing to recall several thousand retired or discharged soldiers to active duty. These people are members of the Individual Ready Reserve, a classification that applies to soldiers who have completed the active and reserve components of their service but not the full eight-year enlistment period. Note that different rules apply to commissioned officers; I'm only talking about enlistees here.
How this applies to me, as a former Army member: It does not. I completed my full eight-year enlistment period in August of 1997. I am no longer part of the IRR and am not subject to recall, involuntary or otherwise. Note that this paragraph in the AP article is not quite correct:

Any former enlisted soldier who did not serve at least eight years on active duty is in the Individual Ready Reserve pool, as are all officers who have not resigned their commission.

It's not eight years active, it's eight years active plus reserve plus IRR.
So don't worry about me! Instead, worry about 5,600 other citizen-soldiers who thought they'd completed their voluntary service and are now going to be sucked in to this awful situation.

The Register reports CERT recommends anything but IE to avoid the new round of security vulnerabilities for which no patch exists, or will exist any time soon due to the inherent weaknesses in IE's design.

A statement on the CERT site said: "There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when browsing untrusted sites."

If you're thinking of switching, I highly recommend Opera.

Gandalf: "JOO SHALL NOT PASS!"
Suggestion: Don't read while drinking anything, for the sake of your keyboard.

You'd think that with both Gmail and Orkut owned by Google, with whom I have a complex multifaceted relationship consisting of mail, adverts on this page, Blogger, and inline search, that somehow one or another of these elements would translate into an Orkut invite directly--just as the Blogger account led to the initial Gmail invite. Alas, it does not appear to be so.

Was that sentence long and confusing enough?

To summarize, I will trade my last remaining Gmail invitation for an Orkut invitation. Please use the email form found in the bottom right corner of this page as I don't always see post comments right away.

From the "what were they thinking?!" department comes (via MSNBC/AP) this latest brilliant idea from Sacramento:

Gov. Arnold Schwarzenegger wants to repeal a state law that requires animal shelters to hold stray dogs and cats for up to six days before killing them.

Instead, there would be a three-day requirement for strays. Other animals, including birds, hamsters, potbellied pigs, rabbits, snakes and turtles, could be killed immediately.

Didn't he learn when he tried to cut benefits to disabled senior citizens last year and had to back down almost immediately? The only way to successfully cut budgets is in areas where people don't have emotional attachments--and telling shelters to kill defenseless and highly adoptable strays is definitely the wrong angle to take.
I'll update this post when I can find a link to organized resistance to the proposal.

Update:

Saying he made a mistake months ago that would have made it easier for shelters to kill stray dogs and cats, Gov. Arnold Schwarzenegger said Friday he has reinstated the state's six-day waiting period before lost animals could be killed.

I don't believe the "months ago" comment for a second, but at least he changed his mind.

(Links fixed)

Chronicle sportswriter Steve Kroner reports that because of some arcane broadcast contract machinations, this weekend's Giants-A's series will be double-covered with the Giants' telecast on KTVU-TV(2) tonight and FSN Saturday and Sunday, and the A's side on FSN tonight and KICU-TV(36) over the weekend. To make it even weirder, former A's play-by-play man Greg Papa will be calling the Giants game, and ex-Giants color commentator Hank Greenwald will be doing the A's game.

One other item of note for the series: Sunday's KICU telecast will be another "Inside TV" affair, in which viewers can use the SAP function on their TVs to hear the interplay of director Mark Wolfson with the announcers, the photographers and the folks in the truck.

This is a cool look into the production side of a baseball telecast. Especially nice is that the commercial audio is replaced by the crew chatter, with the director usually arguing with the advertising executive about which spots need to be shown.

2004-06-28 Update:The "Inside TV" feature had some technical problems and has been rescheduled for this Friday, July 2, at 7:00 PM. Thanks to Program Assistant Lori of KTVU/KICU for the info.

Adobe Reader Speed-Up is a neat little utility that manages Acrobat Reader plugins. Why? Because the default set of plugins shipped with the Reader are far more than most users will ever need, and even on a fast new machine, loading the Reader with the default set can be deathly slow. Many "tips" sites recommend manually copying all but the three required plugins to an "Optional" subdirectory. This utility does it all for you.
An extra tip from the discussion site I linked above:

Under "Updates"
------------------

"Check for Updates": "Manually"
"Show Auto-Update confirmation dialog": OFF
"Display notification dialog at startup": OFF


Under "Internet"
-----------------

"Allow fast web view": OFF
"Allow speculative downloading in the background": OFF.

and notched "Connection Speed" up to the approximate speed of my DSL line from 56k. Not that Acrobat should need to know my connection speed, or that I have any idea what it does with that information.

Disabling unnecessary plugins and making the settings changes described here have made a noticible improvement in Acrobat loading speeds.

SomethingAwful's Reid "Frolixo" Paskiewicz writes today about losing another loan to Ditech, wanting Fanta, and other horrors of modern advertising.

The most revolting thing I find about television is the commercials. I have a very sensitive mental state when it comes to aggressive advertising being shoved in my face. My normal defense against this consumer abuse is to flip the channels until the program is back on, or try to avoid taking in any stimuli by sealing my eyes and ears with quick drying cement. But sometimes I am far too lazy to reach for the remote or start the cement mixer, so I must sit and endure a bombardment of loud shouting, bright colors, and invasive jingles.

As usual for a SomethingAwful link, please note that this is not a site for kiddies or anyone with delicate sensibilities--but it's really really funny.

Drink up, it'll put fur on your chest: It's time for 3-month-old Lingga's morning feeding at the Ragunan Zoo in Jakarta, Indonesia.

This is not me.

Cerulean has posted a patch (and new full installer) for Trillian to allow it to once again connect to Yahoo. Nice work, guys.

Note: This post is from June, 2004. For current updates on making Trillian work with Yahoo, go to Cerulean Studios.

ZDNet reports that Yahoo is once again blocking connections from Trillian (the alternative multi-protocol client). Yahoo tried this a few times last year and it looks like they're trying again. Cerulean, maker of Trillian, employs some excellent protocol engineers, who I have no doubt will quickly figure out Yahoo's latest obfuscation and release a patch.

Until then, if you're on Yahoo and need to get in touch with me, use the email form at the bottom of this page, or find me on AIM instead.

Edit: Change your Y!IM host from scs.msg.yahoo.com to scs.yahoo.com, port 5050, and it should work. This is on Trillian 0.74H, not Pro.

Note: This post is from June, 2004. For current updates on making Trillian work with Yahoo, go to Cerulean Studios.

Keith Brown answers this question in the online edition of his book, A .NET Developer's Guide to Windows Security. This chapter will make it very clear how important it is to develop code (and in fact operate day-to-day) as a non-admin user, and if you're anything like me (though you're probably not) draw you in to reading the rest of the book online.

It's obvious that individual programmers need to learn how security works on this platform. I believe that a great way to start is to run from day to day as a normal, non-privileged user. Why do I believe this? Because I did it myself. I stopped running as an administrator and I immediately began to spot problems in my own code, and in other products that I used to use on a daily basis. I was shocked to see how many programs failed miserably when run non privileged, but at the same time, I was learning how to avoid these same failures in my own code. I felt like I'd taken the red pill (apologies to The Matrix) and I was seeing the real world for the first time.

I found this article when Googling for information on how to run WinKey (an absolutely essential little utility) as a non-admin user. It's confirmed my own recent decision to do everyday work while in XP Pro as a non-admin user, and also to change Jennifer's XP Home account from the default administrator setting to a non-admin.

I have two Gmail invitations up for grabs to the first two people to ask for them. Use the email form at the bottom of this page or IM me; I don't always see post comments right away.


2004-06-27 Note: This offer has been superceded.

I'm looking for a new HTML editor and would like any suggestions. I'm currently using MS Visual Studio 6 and have been for a good many years. It's not ideal, though it does do tag highlighting and checks for unclosed quotes.

What I'm looking for is something slightly visual (though not too abysmal) but not a WYSIWYG editor like DreamWeaver. I code by hand and am really not interested in changing that. It should recognize all current XHTML tags and attributes as well as CSS and, perhaps, JavaScript and PHP. It should be "light", that is, quick to load and not resource-intensive. An MDI (multiple document interface) mode is preferable, as is multiple undo. Finally, it should check for unclosed tags (like a <P> without a matching </P>) and maybe perform HTML/XHTML/DTD validation.

And it has to run on Windows. I've heard wonderful things about BBEdit for Mac OS, though.

Any suggestions?

Jon Barker has filled in the "missing link" between GMail and local email clients (e.g. Opera Mail, Mozilla Thunderbird, Outlook Express, etc) with PGtGM or "POP goes the GMail". PGtGM is a proxy that sits between your email client and the GMail Web mail system and allows you to treat your GMail account just like another email account, without having to go to the GMail site.

Well, I'm working. Got a contract with a company that does outsourcing work for Symantec to work on the uninstaller for the corporate version of Norton Antivirus. It should last a couple of weeks and these guys may have more work for me when this job is done. The pay is very good, which I guess comes with the territory of short-term contracting (since there are no benefits at all).
So I'm frantically learning MSI and VBScript and a couple of other things I never really had time for at ISS, because while we were stuck in 1998 the rest of the world has moved on in terms of installer technology. Luckily I'm in sort of a hurry-up-and-wait mode right now, waiting for necessary detail from a guy at Symantec before I can really get down to work, so I have time to fiddle with a somewhat less-obsolete version of InstallShield, and hopefully not make an utter fool of myself as I assure the guy here that I can do the job-- which I really can, I just need to get up to speed on the latest tools.

I'd also like to note that only Microsoft could have come up with the utterly brilliant concept of turning a simple install script into a horrendously complicated database application, and then (of course) making it an industry standard--even if almost nobody knows how to use it correctly. Thanks, Bill!

Does anybody know why Alan Kalter gives flowers to a woman at the end of each episode of "The Late Show with David Letterman" each night? Who is she?

The Chronicle reports this morning that BART will offer free rides on "Spare the Air" days this summer (days when the Bay Area is in danger of violating federal air management standards).

The free-ride program is the Bay Area's first attempt at a regional incentive program to use mass transit and reduce air pollution. Although other cities have tried something similar -- with mixed results -- local officials say it is the biggest free-ride experiment yet.

"This has never been done at this kind of level before anywhere in the United States,'' said Teresa Lee, a spokeswoman for the Bay Area Air Quality Management District, which is under pressure to improve the region's air quality.

This is a terrific idea, in my view, though it will need to be adequately publicised the night before each free morning to make sure commuters know about the availability of free rides the next day.
I've loved BART ever since the first time I lived in the Bay Area back in the early 80s. Unfortunately I probably won't be able to take advantage of these free rides, unless my new job (when I get one) is reachable from BART.

Have you seen the new Harry Potter movie yet? Having trouble keeping the plotlines and back stories straight? Here's a quick summary of the film which explains everything in easy-to-read (but sometimes R-rated) terms.
(Link courtesy Mistryl)

Man Charged In Chalupa Assault

DES MOINES, Iowa -- A man who claimed he didn't get the taco he paid for has been charged with assault for allegedly pelting a Taco Bell clerk in the face with a chalupa.

Mmmm, airborne Chalupa...

On Slashdot today is a link and discussion about modding a Big Trak. I had one of these. It was, I think, my first programmable toy (though Merlin may actually have come first) and almost certainly one of the first internally complex devices I successfully reassembled after taking it apart. Of course, I have no idea where my old Big Trak might be after all these years. It's good to know, though, that I could always get one if I really wanted to.

This c|net News.com article describes how Internet advertisers are using new forms of online ads to defeat pop-up blockers. Unfortunately, as is usual when News.com tries to explain too much, they get some things wrong. Example:

Blocking software typically suppresses a new window. It detects a command known as "openwin" for opening a new window, which would be written into the HTML (Hypertext Markup Language) of a Web page.

"openwin" is not part of the XHTML or even the legacy HTML specifications. It's also nowhere to be found in JavaScript/ECMAScript. The latter do contain a window.open method, which may be encapsulated in a user-defined "openwin" function, but that is a long way from being an HTML command as the article describes.
In any event, the panicky sense of the article doesn't affect me in the slightest. Why? Because I use the best ad blocker on the market today: Ad Muncher. It seamlessly and effortlessly handles all forms of pop-ups, pop-unders, floaters, and all the other garbage the advertising execs bragged about in the c|net article. At $25 (with a 30-day trial) it's well worth it in saved bandwidth alone. No, I'm not affiliated with Ad Muncher, just a very happy customer.

Or maybe it's an osbra. The San Francisco Zoo put Fred in the zebra enclosure and now he thinks he's a zebra.
(SF Gate Day in Pictures)

Helpful Tips from Three Dead Trolls in a Baggie (of "Every OS Sucks") on keeping yourself sane by keeping Mom & Dad safely offline.

No offense, Mom and Dad.

Edit: Three Dead Trolls in a Baggie did not do "Dungeons and Dragons", they did "Every OS Sucks". "Dungeons and Dragons" was from the Dead Alewives

And about time, too: After two years of no weekend service and construction, Caltrain is set to premiere the new "Baby Bullet" service on Monday. The new trains actually don't run any faster than the existing ones, but the new track and service schedule allows them to run at their top speed of 79 MPH for longer stretches.

Commuters on the weekday service can expect much quicker trips up and down the Peninsula aboard the five morning and five evening trains that make up the Baby Bullet service. To meet commute demands, three of the trains will run northbound in the morning and two southbound with three southbound and one northbound in the evening.

The fleet of snub-nosed red, white and gray locomotives pulling sleek rail cars will supplement the boxier-looking trains that have been providing regular weekday Caltrain service between San Francisco and San Jose.

This is especially good news at a time when the Giants seem to have found themselves – we take Caltrain to Giants games, and with no weekend service (and evening jobs) we've not been able to get to a game yet this year. With weekend service restored and a new sense of life at The Stadium Formerly Known As Pac Bell, we might get to one soon.